Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION

The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Kurt Roeckx <kurt@roeckx.be> GH: #3523

Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Kurt Roeckx <kurt@roeckx.be> GH: #3523
dffdcc77 · Todd Short · Kurt Roeckx · 418bb7b3 · dffdcc77
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/record/rec_layer_s3.c ssl/record/rec_layer_s3.c +1 -1

未找到文件。
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1439,7 +1439,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
        (s->rlayer.handshake_fragment_len >= 4) &&
        (s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
        (s->session != NULL) && (s->session->cipher != NULL) &&
-        !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+        !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
        SSL3_RECORD_set_length(rr, 0);
        SSL3_RECORD_set_read(rr);
        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);